Privacy Policy

SUMMARY OF THE PRIVACY POLICY

This document is a short summary of the Privacy Policy (hereinafter referred to as the „Policy”). More detailed information on data processing is available in the full version of the Policy accessible below. Please note that only the full version of the Policy is considered as complete and adequate information. The purpose of this summary is to give a better understanding of the Policy.

Purpose of data processing

Subscription to newsletters

Communication with Users on the Site

Communication with Users related to the White Paper

Data controller(s)

· Arilou

· NNG

· Arilou

· NNG

· Arilou

· NNG

Scope of processed data

· User’s first and last name;

· User’s email address.

· User’s first and last name;

· User’s email address;

· telephone (optional);

· company (optional);

· category of the message;

· subject of the message;

· text of the message;

· attachment to the message (optional)

· User’s first and last name;

· User’s email address.

· Country;

· Company;

· Role at the company (optional)

Legal basis

· User’s consent.

· User’s consent.

· User’s consent

Duration of data processing

· Until the User’s request for deletion.

· The User’s personal data will be deleted 2 years after the User’s last activity (e.g. opening a newsletter), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.

· Until the User’s request for deletion.

· The User’s personal data will be deleted 2 years after the User’s last activity (last communication), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.

· Until the User’s request for deletion.

· The User’s personal data will be deleted 2 years after the User’s last activity (last download of the White Paper), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.

Data processor

· Mail Chimp

· SalesForce

Privacy Policy

1. Purpose of this document

This Privacy Policy (hereinafter referred to as the “Policy”) sets the terms and conditions on how the data subject’s (hereinafter referred to as the “User” or “you”) personal or anonymous information is processed. Please read these terms and conditions carefully!

2. Definitions

General Data Protection Regulation or GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

NNG means NNG Software Developing and Commercial Limited Liability Company.

  • Registered office: H-1037 Budapest, Szépvölgyi út 35-37, Hungary
  • Court of registration: Budapest-Capital Regional Court (Fővárosi Törvényszék)
  • Company registration number: Cg.01-09-891838
  • Tax number: 13357845-2-44
  • Email address: press@nng.com
  • Website: www.nng.com

Arilou means Arilou Information Security Technologies Ltd. Arilou is a subsidiary of NNG and provides cyber security solutions.

User or "you" means a registered or not registered visitor of the Site.

3. Availability and updating of this document

The Data Controllers reserve the right to amend this document unilaterally at any time. We suggest visiting the Site from time to time for the latest information.

4. Data controller(s)

The data provided on the Site is processed by NNG and Arilou as joint controllers (hereinafter referred to as “Data Controllers”). The Data Controllers have concluded an agreement on joint controlling and determined the purposes and means of processing with special regard to their respective responsibilities for compliance with the obligations under the GDPR.

The provided data is accessible to the following persons:

  • NNG’s employees involved in the data processing (including IT specialists performing a variety of IT tasks related to the operation and maintenance of NNG’s computer system) as part of their role within NNG in connection with performing their duties associated with the purpose of this Policy.
  • Arilou’s employees involved in the data processing (including IT specialists performing a variety of IT tasks related to the operation and maintenance of Arilou’s computer system) as part of their role within Arilou in connection with performing their duties associated with the purpose of this Policy.

5. Data processing activities

5.1.1. Sending newsletters

5.1.1.1. Purpose of the data processing

The Data Controllers may send newsletters to the User who subscribes under the terms set forth in this section to inform the User about new Products, promotions, or other marketing activities. The Data Controllers may also inform Users in such newsletters about business offers and opportunities. The Data Controllers may evaluate and measure the effectiveness of its newsletter campaigns as described in section 10, by involving a data processor.

5.1.1.2. Scope of User’s processed personal data:

  • First and last name;
  • Email address.

5.1.1.3. Legal basis of the data processing

The data is processed in compliance with GDPR, and all relevant local laws.

The legal basis of data processing is

  • the User’s express consent given pursuant to point a) in Article 6(1) of the GDPR and
  • sections 6(1) and (2) of Act XLVIII of 2008 on the basic requirements of and certain restrictions on commercial advertising activities (“Advertising Act”).

5.1.1.4. Duration of the data processing and subscription to the newsletter

  • Until the User’s request for deletion.
  • The User’s personal data will be deleted 2 years after the User’s last activity (e.g. opening a newsletter), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.

The User can subscribe to newsletters on this Site. By ticking the appropriate checkbox, the User gives his/her voluntary consent that the Data Controllers send him/her a newsletter from time to time. The User may withdraw his/her consent at any time by sending an email to arilou.web@nng.com or by sending mail to NNG’s (H-1037 Szépvölgyi út 35-37. Budapest, Hungary) or Arilou’s address (HaAhim Bejerano 7, Ramat-Gan, Israel, 5232901). You may also unsubscribe (opt-out) at any time by following the instructions in the newsletter. Please note that the Data Controllers may at any time decide to stop sending newsletters without prior notice, or further liability or obligation of any kind.

Please note that the newsletters are sent with the cooperation of a data processor defined in section 10.1. As NNG has a contract with this entity, technically NNG handles all newsletters upon Arilou’s request.

5.1.2. Communication with the User on the Site

5.1.2.1. Purpose of the data processing

The User can send messages to the Data Controllers on the Site in order to receive more information on the products offered by Arilou by providing certain personal data listed in point 5.1.2.2.

5.1.2.2. Scope of User’s processed personal data:

  • First and last name;
  • Email address;
  • telephone (optional);
  • company (optional);
  • category of the message;
  • subject of the message;
  • text of the message;
  • attachment to the message (optional).

5.1.2.3. Legal basis of the data processing

The data is processed in compliance with GDPR and all relevant local laws. The legal basis of data processing is the User’s express consent given pursuant to point a) of Article 6(1) of the GDPR.

5.1.2.4. Duration of the data processing

  • Until the User’s request for deletion.
  • The User’s personal data will be deleted 2 years after the User’s last activity (e.g. opening a newsletter), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.

5.1.3. Communication with Users related to the White Paper

5.1.3.1. Purpose of the data processing

The Data Controllers wish to provide access to Users to an educational material based on researches concerning cyber security (hereinafter referred to as “White Paper”).

5.1.3.2. Scope of User’s processed personal data:

In order to keep contact with those Users who downloaded the White Paper and inform them when there is new available content on the Site, the Data Controllers process the following data of the Users:

  • First and last name;
  • Email address;
  • Country;
  • Company and
  • Role at the company (optional).

Please note that contacting Users belongs to the Data Controllers’ sole discretion and that they may decide anytime to stop informing Users without any notice, further liability or obligation of any kind.

5.1.3.3. Legal basis of the data processing

The data is processed in compliance with GDPR and all relevant local laws. The legal basis of data processing is the User’s express consent given pursuant to point a) of Article 6(1) of the GDPR.

5.1.3.4. Duration of the data processing

  • Until the User’s request for deletion.
  • The User’s personal data will be deleted 2 years after the User’s last activity (e.g. opening a newsletter), should the Data Controllers notice that the User has not been active on the Site for at least 2 years.

6. Consent to the provisions of this Policy

6.1. By subscribing to the newsletter, sending communication via the Site or downloading the White Paper by way of ticking the appropriate checkbox(es), you expressly and voluntarily give your consent to the Data Controllers to process your personal data in compliance with the provisions of this Policy and rules of law on data protection.

6.2. Any personal information that you supply to the Data Controllers must be true, complete, and accurate in all respects.

7. Cookies

The Data Controllers hereby inform you that if you download certain parts of the Site, small data files (hereinafter referred to as “Cookies”) will be automatically sent by the web server to your device. In certain cases, these data files may be considered as personal data. These data files are necessary for the proper operation of the Site, and are used to collect anonymous information on the User’s visits to the Site. You can control the use of Cookies by setting your browser, however, if you choose to disable Cookies, some website features or services may not function properly.

You can accept or refuse Cookies on a case-by-case basis, or refuse all Cookies by adjusting your browser settings. To find out how to do this and learn more on Cookies, please visit: https://www.youronlinechoices.eu/. If you choose to refuse all Cookies, access to some of the website's pages will be limited.

Types of Cookie

Purpose of Cookies

Cookie retention period

Google Analytics

The Site uses the Google Analytics tool to collect and analyse information on the User’s access to and use of the Site. We use the information to compile reports and improve the Site. The data is collected in an anonymous form, including the number of Users to the Site, where Users have come to the Site from, and the pages they visited within the Site. The collected data cannot be tracked back to the User. For further information on Google’s privacy policy, click here.

Google Analytics Cookies are created as soon as the User visits a website on which a valid Google Analytics tracking code is installed. The Cookies will be held on the User's device for a maximum period of 2 years from the above date. For further information, please click here.

Session

Session Cookies allow the User to be recognized within the Site, so the User will not be prompted to give the information he/she has already provided.

The information is saved until the end of the current session. A session means the time period during which the User is visiting the Site. After that, the collected information will no longer be available.

Persistent

Persistent Cookies remember the language settings applied by the User.

The Cookie is automatically deleted after 1 year.

Facebook pixel

The Facebook pixel is a code, which helps to track User’s behaviour and conversions. It enables Facebook to report the number of actions Facebook ads drive and allow Facebook to learn which of the visitors who have seen our ads are more likely to take a certain action, e.g. make a purchase, on our Site, and optimize the delivery of ads to trigger more of such actions.

The Cookie is held in the User's browser for a maximum period of 180 days.

Google AdWords remarketing Cookies

The Site uses these cookies to serve ads based on a User’s prior visits to the website. This allows us to make special offers and continue to market our services to those who have shown interest in our service.

Google AdWords remarketing Cookies are created as soon as the User visits a website on which a valid Google AdWords remarketing code is installed. The Cookies will be held on the User's device for a maximum period of 2 years from the above date.

LinkedIn Insight Tag

The LinkedIn Insight Tag creates a unique LinkedIn browser cookie on a visitor's browser and enables the collection of the following data for that cookie: metadata (such as IP address, timestamp, page events (like page views), and LinkedIn demographic information if there is an active LinkedIn.com member cookie present. Collected data is encrypted. For more information please click here.

This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days.

8. Links

Please note that there are links on the Site that lead to other websites. Their respective data protection rules apply to the use of such external websites, therefore after you click on their link or the provided button, the Data Controllers will no longer have any influence over the collection, storage, or processing of any personal data transmitted by your click.

9. Data security

The Data Controllers observe all applicable regulations regarding the security of personal data, therefore both the Data Controllers and their authorized data processor(s) implement appropriate technical and organizational measures to protect personal data, and establish adequate procedural rules to enforce the provisions of all applicable laws concerning confidentiality and the security of data processing.

10. Data processor(s)

10.1. The Rocket Science Group LLC d/b/a MailChimp

10.1.1. Data processing is carried out on behalf of the Data Controllers by a data processor, which provides email marketing services. The data processor provides NNG with an online system (hereinafter referred to as the “System”), through which the Data Controllers can manage the sending of newsletters to the User.

10.1.2. To improve marketing activities, the System is used for the following purposes:

  • Storing the User’s personal data;
  • Sending emails to the User;
  • Checking whether the addressee has received the email;
  • Analysing the bounce rate (e.g. cases when the email address is invalid or the email is listed as spam);
  • Analysing the addressee’s behaviour (in particular whether the email was opened, how many times the addressee clicked on it, whether the addressee read the entire email).

10.1.3. The User data listed in section 1.1.2 is stored both in the System and on the Data Controllers’ servers.

10.1.4. The Data Controllers reserve the right to change the data processor at any time.

Name of the data processor: The Rocket Science Group LLC d/b/a MailChimp

Address of the data processor: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308 USA

10.2. SalesForce

10.2.1. For making the White Paper available to the Users, the Data Controllers cooperate with a data processor. The data processor provides the Data Controllers with an online system (hereinafter referred to as the “System”), through which they can manage the sending of the White Paper to the Users. The data processor does not have access to the content uploaded by the Data Controllers to the System.

10.2.2. To improve user experience, the System is used for the following purposes:

  • Storing the User’s personal data;
  • Allowing for the User the download of White Paper;
  • Analysing the User’s interaction with the downloaded White Paper.

10.2.3. The User data listed in section 1.3.2 is stored both in the System and on the Data Controllers’ servers.

10.2.4. The Data Controllers reserve the right to change the data processor at any time.

11. Rights and enforcement

11.1. You may exercise your rights in respect of and against each of the Data Controllers.

11.2. You may exercise the following rights in relation to the Data Controllers' data processing activities:

  • Request information on the processing of his/her personal data;
  • Request the rectification of his/her personal data;
  • Request the deletion of his/her personal data or restriction of the processing of his/her personal data;
  • Object to the Data Proseccor's data processing;
  • Request data portability.

11.3. You are entitled to request information on data related to you and processing carried out by the Data Controllers thereof, especially information as to what personal data relating to you is stored; the sources from which they were obtained; the purpose, grounds, and duration of processing; if your personal data is made available to others, the legal basis and the recipients; and any data protection incident in relation to your personal data by sending an email or mail to the email or postal address (registered office) specified in section 1. The Data Controllers shall provide written information on the processing of your personal data within 1 months after receipt of the request. You may also request the correction of your personal data.

11.4. You are also entitled to request a structured, commonly used and machine-readable formatted copy of your personal data that the Data Controllers are processing subject to conditions set out in Article 20 of the GDPR.

You have the right to transmit your personal data to another controller or, where it is technically feasible, you can request the Data Controllers to transfer your personal data directly to another controller as specified in Article 20 of the GDPR.

11.5. If your personal data is inaccurate, you may request the Data Controllers to rectify such data, provided that the correct data is at the Data Controllers’ disposal.

11.6. Your personal data shall be deleted upon your request in accordance with applicable laws. Your request for data deletion may be submitted to the Data Controllers by using the email or postal addresses (registered office) specified in section 1. The Data Controllers shall delete all stored personal data in compliance with this Policy by obfuscating your personal data, by making it anonym in a permanent and non-reversible manner. Please be informed that your data will not be deleted if the processing thereof is required by law or other exceptions apply under applicable law.

11.7. You have the right to obtain restriction of processing from the Data Controllers in the following cases:

  • you think that your processed personal data is not accurate, for a period enabling the Data Controllers to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of your personal data, you are entitled to request restriction of their use instead;
  • the Data Controllers no longer need your personal data for the purposes of processing, but you require the Data Controllers to continue the processing for the establishment, exercise or defence of your legal claims;
  • you have objected to processing, for a period pending the verification whether the legitimate grounds of the Data Controllers override those of yours.

11.8. At any time, you have the right to object to processing your personal data subject to certain conditions under applicable laws, you may separately object against processing your personal data for direct marketing purposes, including profiling. In this case, the Data Controllers will no longer process your personal data unless the Data Controllers demonstrate compelling legitimate grounds for the processing which override your interests, rights and data protection related freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.

11.9. You may lodge a complaint about the processing of your personal data to the National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.; postal address: 1530 Budapest, Pf. 5; 5 phone: +36-1-391-1400; facsimile: +36-1-391-1410; email: ugyfelszolgalat@naih.hu) or to the data protection authority of your home country or country of your residency.

11.10. Independently from lodging a complaint to the data protection authority, you may turn to court pursuant to the provisions set forth in the GDPR if your rights are infringed. Upon your decision, the procedure may be launched before the tribunal in whose jurisdiction you are domiciled or you have a temporary address. Prior to initiating a legal procedure, it may be useful to discuss the complaint with the Data Controllers.

11.11. Your detailed rights and remedies are set out in Articles 15-21 of the GDPR.

12. Limited applicability of this Policy

This Policy is not applicable to the Career Portal of the Site. The privacy policy on the processing of data uploaded therein is available here.

13. Contacting the Data Controllers

We value your opinion. If you have any comments or questions, or wish to obtain more information on data processing from the Data Controllers, please use the Contact us menu on this Site or write to any official addresses of the Data Controllers. We will handle the submitted information confidentially. Our representative will contact you within a reasonable time.

This Policy was posted and is effective as of 18 May 2018.